RKON

Private Equity Services

Building a Cloud Security and Compliance Program for Multiple Client Platforms Without Sacrificing Agility

Filed Under:

INDUSTRY

Technology

PRODUCTS

SaaS platform for monitoring and tracking assets

LOCATION

Santa Clara, CA

ANNUAL REVENUE

$296M

ASSIGNMENT

Prepare and assist the client with creation of Cloud Security and Compliance Program to achieve SOC 2 Type 1. Beyond technological aspects, implement risk management, employee development, vendor management, and regulatory monitoring programs.

Project Challenges

CalAmp’s Director of Product and Information Security Reza Salari knows compliance and security are of paramount importance. As an industry leader in IoT and telematics, the company manages its own sensitive data, and is a custodian of their customers’ data. With this in mind, Salari partnered with RKON to prepare for the SOC 2 process.

“Demonstrating strong security is important to earn the trust of our customers, and is critical to the business itself —RKON’s reputation in the security and compliance space and their expertise in AWS cloud technology made them the perfect fit to help us prepare for audit.”
Reza Salari, Ex-Director of Product and Information Security | CalAmp

Overview

CalAmp is a provider of IoT software applications, cloud services, data intelligence and networked telematics products and services. CalAmp’s AWS-based platform “PULS-CTC” has achieved SOC 2 Type I. Auditors examined the CalAmp telematics management platform, an environment that provides customers access to extensive intelligence and edge computing from their high-value mobile assets, cargo and infrastructure.

Insight

Multiple industries, such as automotive and trucking, construction, consumer goods, public safety, government, energy and insurance, are leveraging CalAmp’s flexible solutions to discover new ways to improve safety, increase productivity and reduce costs. This SOC 2 report will provide assurance that controls that protect these systems and data meet organizational security, transactions, and confidentiality of data as defined by the American Institute of Certified Public Accountants (AICPA). Further, it allows CalAmp to establish trust with consumers of their platform, reduce the time and cost of due diligence, and ultimately reduce the sales cycle time.

Services Provided

With multiple SaaS platforms and service offerings in the cloud, a “one size fits all” approach was not ideal for CalAmp’s SOC 2 efforts. Policies and procedures had to conform to strict standards but also support a rapidly-evolving company and industry. RKON used their expertise in cloud-native services, cyber security, and development to help CalAmp build a cloud security and compliance program, with a set of security controls that provide true compliance and security without sacrificing agility.

Results / Impact / Highlights

Beyond technological aspects, the team introduced programs including risk management, employee development, vendor management, and regulatory monitoring capabilities. RKON worked directly with the CalAmp team to design, document the system, demonstrating each control and preparing the team for audit.

“RKON took a holistic view of CalAmp’s processes and controls to create a program that reflects reality. They came to understand our business as well as we did, and helped us reach a level of security we are truly proud of —They’re as much a part of our InfoSec team as anyone at CalAmp.”
Reza SalariEx-Director of Product and Information Security | CalAmp